Abstract

In this paper, we introduce a semantics of realisability for the classical propositional
natural deduction and we prove a correctness theorem. This allows us to characterize
the operational behaviour of some typed terms.

Key words: classical natural deduction, semantics of realisability, 
correctness theorem. 



1 Introduction 

The natural deduction system is one of the main logical systems; it was introduced
by Gentzen [4] to study the notion of proof. The full classical natural
deduction system is well adapted to human reasoning. By full we mean
that all the connectives ($\to$, $\wedge$ and $\vee$) and $\bot$ (for the absurdity) are considered
as primitive and have their intuitionistic meaning. As usual, the negation
is defined by $\neg A = A \to \bot$. Considering this logic from the computer
science point of view is interesting because, by the Curry-Howard correspondence,
formulas can be seen as types for functional programming languages and
correct programs can be extracted. By this correspondence the corresponding
calculus is an extension of the $\lambda\mu$-calculus with product and co-product.

Until very recently (see the introduction of [3] for a brief history), no proof
of the strong normalization of the cut-elimination procedure was known for
full logic. In [3], P. De Groote gives such a proof for classical propositional
natural deduction by using the CPS-transformation. R. David and the first
author give in [2] a direct and syntactical proof of this result. R. Matthes
recently found another semantical proof of this result (see [6]).

In order to prove the strong normalization of classical propositional natural
deduction, we introduced in [8] a variant of the reducibility candidates, which
was already present in [11]. This method was introduced by J.Y. Girard.
It consists in associating to each type $A$ a set of terms $|A|$, such that every term
is in the interpretation of its type (this is called "the adequation lemma"). To
the best of our knowledge, we obtain the shortest proof of this result.

In this paper, we define a semantics of realisability of classical propositional
natural deduction inspired by [8] and we establish a correctness theorem.
The idea is to replace the set of strongly normalizing terms used in the proof
presented in [8] by a set having the properties necessary to keep the adequation
lemma. This result allows us to characterize the operational behaviour of terms
having some particular types.

The paper is organized as follows. Section 2 is an introduction to the typed 
system and the relative cut-elimination procedure. In section 3, we define the 
semantics of realisability and we prove the correctness theorem. In section 4, 
we give some applications of this result. 



2 Notations and definitions 

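Definition 2.1 We use notations inspired by the paper [1].

(i) Let $\mathcal{X}$ and $\mathcal{A}$ be two disjoint alphabets for distinguishing the $\lambda$-variables
and $\mu$-variables respectively. We code deductions by using a set of terms
$\mathcal{T}$ which extends the $\lambda$-terms and is given by the following grammars:

$$\mathcal{T} := \mathcal{X} \mid \lambda\mathcal{X}.\mathcal{T} \mid (\mathcal{T}\ \mathcal{E}) \mid \langle\mathcal{T}, \mathcal{T}\rangle \mid \omega_1\mathcal{T} \mid \omega_2\mathcal{T} \mid \mu\mathcal{A}.\mathcal{T} \mid (\mathcal{A}\ \mathcal{T})$$
$$\mathcal{E} := \mathcal{T} \mid \pi_1 \mid \pi_2 \mid [\mathcal{X}.\mathcal{T}, \mathcal{X}.\mathcal{T}]$$

An element of the set $\mathcal{E}$ is said to be an $\mathcal{E}$-term.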

(ii) The meaning of the new constructors is given by the typing rules below
where $\Gamma$ (resp. $\Delta$) is a context, i.e. a set of declarations of the form $x : A$
(resp. $a : A$) where $x$ is a $\lambda$-variable (resp. $a$ is a $\mu$-variable) and $A$ is a
formula.



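$$\frac{}{\Gamma, x : A \vdash x : A ; \Delta}\ ax$$

$$\frac{\Gamma, x : A \vdash t : B ; \Delta}{\Gamma \vdash \lambda x.t : A \to B ; \Delta}\ \to_i \qquad \frac{\Gamma \vdash u : A \to B ; \Delta \quad \Gamma \vdash v : A ; \Delta}{\Gamma \vdash (u\ v) : B ; \Delta}\ \to_e$$

$$\frac{\Gamma \vdash u : A ; \Delta \quad \Gamma \vdash v : B ; \Delta}{\Gamma \vdash \langle u, v\rangle : A \wedge B ; \Delta}\ \wedge_i$$

$$\frac{\Gamma \vdash t : A \wedge B ; \Delta}{\Gamma \vdash (t\ \pi_1) : A ; \Delta}\ \wedge_e^1 \qquad \frac{\Gamma \vdash t : A \wedge B ; \Delta}{\Gamma \vdash (t\ \pi_2) : B ; \Delta}\ \wedge_e^2$$

$$\frac{\Gamma \vdash t : A ; \Delta}{\Gamma \vdash \omega_1 t : A \vee B ; \Delta}\ \vee_i^1 \qquad \frac{\Gamma \vdash t : B ; \Delta}{\Gamma \vdash \omega_2 t : A \vee B ; \Delta}\ \vee_i^2$$

$$\frac{\Gamma \vdash t : A \vee B ; \Delta \quad \Gamma, x : A \vdash u : C ; \Delta \quad \Gamma, y : B \vdash v : C ; \Delta}{\Gamma \vdash (t\ [x.u, y.v]) : C ; \Delta}\ \vee_e$$

$$\frac{\Gamma \vdash t : A ; \Delta, a : A}{\Gamma \vdash (a\ t) : \bot ; \Delta, a : A}\ abs_i \qquad \frac{\Gamma \vdash t : \bot ; \Delta, a : A}{\Gamma \vdash \mu a.t : A ; \Delta}\ abs_e$$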

(iii) The cut-elimination procedure corresponds to the reduction rules given
below. They are those we need for the subformula property.

• $(\lambda x.u\ v) \triangleright u[x := v]$

• $(\langle t_1, t_2\rangle\ \pi_i) \triangleright t_i$

• $(\omega_i t\ [x_1.u_1, x_2.u_2]) \triangleright u_i[x_i := t]$

• $((t\ [x_1.u_1, x_2.u_2])\ \varepsilon) \triangleright (t\ [x_1.(u_1\ \varepsilon), x_2.(u_2\ \varepsilon)])$

• $(\mu a.t\ \varepsilon) \triangleright \mu a.t[a :=^* \varepsilon]$

where $t[a :=^* \varepsilon]$ is obtained from $t$ by replacing inductively each subterm
of the form $(a\ v)$ by $(a\ (v\ \varepsilon))$.

(iv) Let $t$ and $t'$ be $\mathcal{E}$-terms. The notation $t \triangleright t'$ means that $t$ reduces to $t'$ by
using one step of the reduction rules given above. Similarly, $t \triangleright^* t'$ means
that $t$ reduces to $t'$ by using some steps of the reduction rules given above.

The following result is straightforward.

Theorem 2.2 (Subject reduction) If $\Gamma \vdash t : A ; \Delta$ and $t \triangleright^* t'$, then $\Gamma \vdash t' : A ; \Delta$.

We have also the following properties (see [1], [2], [3], [8] and [9]).

Theorem 2.3 (Confluence) If $t \triangleright^* t_1$ and $t \triangleright^* t_2$, then there exists $t_3$ such that
$t_1 \triangleright^* t_3$ and $t_2 \triangleright^* t_3$.

Theorem 2.4 (Strong normalization) If $\Gamma \vdash t : A ; \Delta$, then $t$ is strongly
normalizable.

3 The semantics 

Definition 3.1 (i) We denote by $\mathcal{E}^{<\omega}$ the set of finite sequences of $\mathcal{E}$-terms.
The empty sequence is denoted by $\emptyset$.

(ii) We denote by $\bar{w}$ the sequence $w_1 w_2 \ldots w_n$. If $\bar{w} = w_1 w_2 \ldots w_n$, then $(t\ \bar{w})$ is
$t$ if $n = 0$ and $((t\ w_1)\ w_2 \ldots w_n)$ if $n \neq 0$. The term $t[a :=^* \bar{w}]$ is the term
obtained from $t$ by replacing inductively each subterm of the form $(a\ v)$
by $(a\ (v\ \bar{w}))$.

(iii) A set of terms $S$ is said to be $\mu$-saturated iff:

• For all terms $u$ and $v$, if $u \in S$ and $v \triangleright^* u$, then $v \in S$.

• For each $a \in \mathcal{A}$ and for each $t \in S$, $\mu a.t \in S$ and $(a\ t) \in S$.

(iv) Consider two sets of terms $K$, $L$ and a $\mu$-saturated set $S$, we define new
sets of terms:

• $K \to L = \{t \mid (t\ u) \in L, \text{ for each } u \in K\}$.

• $K \wedge L = \{t \mid (t\ \pi_1) \in K \text{ and } (t\ \pi_2) \in L\}$.

• $K \vee L = \{t \mid$ for each $u, v$: if (for each $r \in K$, $s \in L$: $u[x := r] \in S$ and
$v[y := s] \in S$), then $(t\ [x.u, y.v]) \in S\}$.

(v) Let $S$ be a $\mu$-saturated set and $\{R_i\}_{i \in I}$ subsets of terms such that $R_i =
X_i \to S$ for certain $X_i \subseteq \mathcal{E}^{<\omega}$. A model $\mathcal{M} = (S; \{R_i\}_{i \in I})$ is the smallest
set of subsets of terms containing $S$ and $R_i$ and closed under constructors
$\to$, $\wedge$ and $\vee$.

Lemma 3.2 Let $\mathcal{M} = (S; \{R_i\}_{i \in I})$ be a model and $G \in \mathcal{M}$.
There exists a set $X \subseteq \mathcal{E}^{<\omega}$ such that $G = X \to S$.

Proof By induction on $G$.

• $G = S$: Take $X = \{\emptyset\}$, it is clear that $S = \{\emptyset\} \to S$.

• $G = G_1 \to G_2$: We have $G_2 = X_2 \to S$ for a certain set $X_2$. Take $X = \{u\bar{v}$
/ $u \in G_1, \bar{v} \in X_2\}$. We can easily check that $G = X \to S$.

• $G = G_1 \wedge G_2$: Similar to the previous case.

• $G = G_1 \vee G_2$: Take $X = \{[x.u, y.v]$ / for each $r \in G_1$ and $s \in G_2$, $u[x :=
r] \in S$ and $v[y := s] \in S\}$. By definition $G = X \to S$.

□

Definition 3.3 Let $\mathcal{M} = (S; \{R_i\}_{i \in I})$ be a model and $G \in \mathcal{M}$, we define
the set $G^{\perp} = \cup\{X$ / $G = X \to S\}$.

Lemma 3.4 Let $\mathcal{M} = (S; \{R_i\}_{i \in I})$ be a model and $G \in \mathcal{M}$.

We have $G = G^{\perp} \to S$ ($G^{\perp}$ is the greatest $X$ such that $G = X \to S$).

Proof This comes from the fact that: if, for every $j \in J$, $G = X_j \to S$,
then $G = \cup_{j \in J} X_j \to S$. □

Definition 3.5 (i) Let $\mathcal{M} = (S; \{R_i\}_{i \in I})$ be a model. An $\mathcal{M}$-interpretation
$I$ is a mapping from the set of propositional variables to $\mathcal{M}$ which we
extend to any type as follows:

• $I(\bot) = S$.

• $I(A \to B) = I(A) \to I(B)$.

• $I(A \wedge B) = I(A) \wedge I(B)$.

• $I(A \vee B) = I(A) \vee I(B)$.

The set $|A|_{\mathcal{M}} = \cap\{I(A)$ / $I$ an $\mathcal{M}$-interpretation$\}$ is the interpretation
of $A$ in $\mathcal{M}$.

(ii) The set $|A| = \cap\{|A|_{\mathcal{M}}$ / $\mathcal{M}$ a model$\}$ is the interpretation of $A$.

Lemma 3.6 (Adequation lemma) Let $\mathcal{M} = (S; \{R_i\}_{i \in I})$ be a model, $I$ an
$\mathcal{M}$-interpretation, $\Gamma = \{x_i : A_i\}_{1 \leq i \leq n}$, $\Delta = \{a_j : B_j\}_{1 \leq j \leq m}$, $u_i \in I(A_i)$,
$\bar{v}_j \in I(B_j)^{\perp}$.
If $\Gamma \vdash t : A ; \Delta$, then $t[x_1 := u_1, \ldots, x_n := u_n, a_1 :=^* \bar{v}_1, \ldots, a_m :=^* \bar{v}_m] \in
I(A)$.

Proof Let us denote by $s'$ the term

$$s[x_1 := u_1, \ldots, x_n := u_n, a_1 :=^* \bar{v}_1, \ldots, a_m :=^* \bar{v}_m].$$

The proof is by induction on the derivation, we consider the last rule:

(i) $ax$, $\to_e$ and $\wedge_e$: Easy.

(ii) $\to_i$: In this case $t = \lambda x.u$ and $A = B \to C$ such that $\Gamma, x : B \vdash u :
C ; \Delta$. By induction hypothesis, $u'[x := v] \in I(C) = I(C)^{\perp} \to S$ for
each $v \in I(B)$, then $(u'[x := v]\ \bar{w}) \in S$ for each $\bar{w} \in I(C)^{\perp}$, hence
$((\lambda x.u'\ v)\ \bar{w}) \in S$ because $((\lambda x.u'\ v)\ \bar{w}) \triangleright^* (u'[x := v]\ \bar{w})$. Therefore
$t' = \lambda x.u' \in I(B) \to I(C) = I(A)$.

(iii) $\wedge_i$ and $\vee_i$: A similar proof.

(iv) $\vee_e$: In this case $t = (t_1\ [x.u, y.v])$ with $(\Gamma \vdash t_1 : B \vee C ; \Delta)$, $(\Gamma, x : B \vdash
u : A ; \Delta)$ and $(\Gamma, y : C \vdash v : A ; \Delta)$. Let $r \in I(B)$ and $s \in I(C)$, by
induction hypothesis, $t_1' \in I(B) \vee I(C)$, $u'[x := r] \in I(A)$ and $v'[y :=
s] \in I(A)$. Let $\bar{w} \in I(A)^{\perp}$, then $(u'[x := r]\ \bar{w}) \in S$ and $(v'[y :=
s]\ \bar{w}) \in S$, hence $(t_1'\ [x.(u'\ \bar{w}), y.(v'\ \bar{w})]) \in S$, since $((t_1'\ [x.u', y.v'])\ \bar{w}) \triangleright^*
(t_1'\ [x.(u'\ \bar{w}), y.(v'\ \bar{w})])$ then $((t_1'\ [x.u', y.v'])\ \bar{w}) \in S$. Therefore $t' =
(t_1'\ [x.u', y.v']) \in I(A)$.

(v) $abs_e$: In this case $t = \mu a.t_1$ and $\Gamma \vdash t_1 : \bot ; \Delta', a : A$. Let $\bar{v} \in I(A)^{\perp}$.
It suffices to prove that $(\mu a.t_1'\ \bar{v}) \in S$. By induction hypothesis, $t_1'[a :=^*
\bar{v}] \in I(\bot) = S$, then $\mu a.t_1'[a :=^* \bar{v}] \in S$ and $(\mu a.t_1'\ \bar{v}) \in S$.

(vi) $abs_i$: In this case $t = (a_j\ u)$ and $\Gamma \vdash u : B_j ; \Delta', a_j : B_j$. We have to prove
that $t' \in S$. By induction hypothesis $u' \in I(B_j)$, then $(u'\ \bar{v}_j) \in S$, hence
$t' = (a_j\ (u'\ \bar{v}_j)) \in S$.

□

Theorem 3.7 (Correctness theorem) If $\vdash t : A$, then $t \in |A|$.

Proof Immediately from the previous lemma. □



4 The operational behaviors of some typed terms 

The following results are some applications of the correctness theorem. 

Definition 4.1 Let $t$ be a term. We denote by $M_t$ the smallest set containing
$t$ such that: if $u \in M_t$ and $a \in \mathcal{A}$, then $\mu a.u \in M_t$ and $(a\ u) \in M_t$. Each
element of $M_t$ is denoted $\mu.t$. For example, the term $\mu a.\mu b.(a\ (b\ (\mu c.(a\ \mu d.t))))$
is denoted by $\mu.t$.

In the rest of the paper, the letter $P$ denotes a propositional variable
which represents an arbitrary type.
4.1 Terms of type $\bot \to P$ "Ex falso sequitur quodlibet"

Example 4.2 Let $T = \lambda z.\mu a.z$. We have $T : \bot \to P$ and for every term $t$
and $\bar{u} \in \mathcal{E}^{<\omega}$, $((T\ t)\ \bar{u}) \triangleright^* \mu a.t$.

Remark 4.3 The term $(T\ t)$ models an instruction like exit($t$) (exit is
to be understood as in the C programming language). In the reduction of a
term, if the sub-term $(T\ t)$ appears in head position (the term has the form
$((T\ t)\ \bar{u})$), then after some reductions, we obtain $t$ as result.

The general operational behavior of terms of type $\bot \to P$ is given in the
following theorem:

Theorem 4.4 Let $T$ be a closed term of type $\bot \to P$, then for every term $t$
and $\bar{u} \in \mathcal{E}^{<\omega}$, $((T\ t)\ \bar{u}) \triangleright^* \mu.t$.

Proof Let $t$ be a term and $\bar{u} \in \mathcal{E}^{<\omega}$. Take $S = \{v$ / $v \triangleright^* \mu.t\}$ and $R =
\{\bar{u}\} \to S$. It is clear that $S$ is a $\mu$-saturated set and $t \in S$. Let $\mathcal{M} = (S; R)$
and $I$ an $\mathcal{M}$-interpretation such that $I(P) = R$. By Theorem 3.7, we have
$T \in S \to (\{\bar{u}\} \to S)$, then $((T\ t)\ \bar{u}) \in S$ and $((T\ t)\ \bar{u}) \triangleright^* \mu.t$. □

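4.2 Terms of type $(\neg P \to P) \to P$ "Peirce law"

Example 4.5 Let $C_1 = \lambda z.\mu a.(a\ (z\ \lambda y.(a\ y)))$ and
$C_2 = \lambda z.\mu a.(a\ (z\ (\lambda x.a\ (z\ \lambda y.(a\ x)))))$.
We have $\vdash C_i : (\neg P \to P) \to P$ for $i \in \{1, 2\}$.
Let $u, v_1, v_2$ be terms and $\bar{t} \in \mathcal{E}^{<\omega}$, we have:
$((C_1\ u)\ \bar{t}) \triangleright^* \mu a.(a\ ((u\ \theta_1)\ \bar{t}))$ and $(\theta_1\ v_1) \triangleright^* (a\ (v_1\ \bar{t}))$
and
$((C_2\ u)\ \bar{t}) \triangleright^* \mu a.(a\ ((u\ \theta_1)\ \bar{t}))$, $(\theta_1\ v_1) \triangleright^* (a\ ((u\ \theta_2)\ \bar{t}))$ and $(\theta_2\ v_2) \triangleright^* (a\ (v_1\ \bar{t}))$.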
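
Added worked derivation (not part of the original paper) for the first line of Example 4.5, carried out with the reduction rules of Definition 2.1 (iii) and the sequence notation of Definition 3.1 (ii). It assumes that $a$ does not occur free in $u$, $v_1$ or $\bar{t}$, and it writes out the term $\theta_1 = \lambda y.(a\ (y\ \bar{t}))$, which the example leaves implicit.

$$\begin{aligned}
(C_1\ u) &= (\lambda z.\mu a.(a\ (z\ \lambda y.(a\ y)))\ u) \\
&\triangleright \mu a.(a\ (u\ \lambda y.(a\ y))) && \text{(first rule, } z := u\text{)} \\
((C_1\ u)\ \bar{t}) &\triangleright^* (\mu a.(a\ (u\ \lambda y.(a\ y)))\ \bar{t}) \\
&\triangleright^* \mu a.\big((a\ (u\ \lambda y.(a\ y)))[a :=^* \bar{t}]\big) && \text{(last rule, once per element of } \bar{t}\text{)} \\
&= \mu a.(a\ ((u\ \lambda y.(a\ (y\ \bar{t})))\ \bar{t})) \\
&= \mu a.(a\ ((u\ \theta_1)\ \bar{t})) \\
(\theta_1\ v_1) &= (\lambda y.(a\ (y\ \bar{t}))\ v_1) \triangleright (a\ (v_1\ \bar{t})) && \text{(first rule, } y := v_1\text{)}
\end{aligned}$$

The substitution $[a :=^* \bar{t}]$ acts on both occurrences of $a$: the outer one, whose argument $(u\ \lambda y.(a\ y))$ receives $\bar{t}$, and the one under $\lambda y$, which turns $(a\ y)$ into $(a\ (y\ \bar{t}))$. Applying $\theta_1$ to $v_1$ therefore hands $v_1$ to the arguments $\bar{t}$ that were present when $(C_1\ u)$ was applied.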

Remark 4.6 The term $C_1$ allows modelling the Call/cc instruction in
the Scheme functional programming language.

The following theorem describes the general operational behavior of terms
with type $(\neg P \to P) \to P$.

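Theorem 4.7 Let $T$ be a closed term of type $(\neg P \to P) \to P$, then for every
term $u$ and $\bar{t} \in \mathcal{E}^{<\omega}$, there exist $m \in \mathbb{N}$ and terms $\theta_1, \ldots, \theta_m$ such that for every
terms $v_1, \ldots, v_m$, we have:

$((T\ u)\ \bar{t}) \triangleright^* \mu.((u\ \theta_1)\ \bar{t})$
$(\theta_i\ v_i) \triangleright^* \mu.((u\ \theta_{i+1})\ \bar{t})$ for every $1 \leq i \leq m - 1$
$(\theta_m\ v_m) \triangleright^* \mu.(v_{i_0}\ \bar{t})$ for a certain $1 \leq i_0 \leq m$

Proof Let $u$ be a $\lambda$-variable and $\bar{t} \in \mathcal{E}^{<\omega}$. Take $S = \{t$ / $\exists m \geq 0$, $\exists \theta_1, \ldots, \theta_m$
: $t \triangleright^* \mu.((u\ \theta_1)\ \bar{t})$, $(\theta_i\ v_i) \triangleright^* \mu.((u\ \theta_{i+1})\ \bar{t})$ for every $1 \leq i \leq m - 1$ and $(\theta_m\ v_m) \triangleright^*
\mu.(v_{i_0}\ \bar{t})$ for a certain $1 \leq i_0 \leq m\}$ and $R = \{\bar{t}\} \to S$. It is clear that $S$
is a $\mu$-saturated set. Let $\mathcal{M} = (S; R)$ and an $\mathcal{M}$-interpretation $I$ such that
$I(P) = R$. By Theorem 3.7, $T \in [(R \to S) \to R] \to (\{\bar{t}\} \to S)$. It
suffices to check that $u \in (R \to S) \to R$. For this, we take $\theta \in (R \to S)$ and
we prove that $(u\ \theta) \in R$ i.e. $((u\ \theta)\ \bar{t}) \in S$. But by the definition of $S$, it suffices
to have $(\theta\ v_i) \in S$, which is true since the terms $v_i \in R$, because $(v_i\ \bar{t}) \in S$. □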

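4.3 Terms of type $\neg P \vee P$ "Tertium non datur"

Example 4.8 Let $W = \mu b.(b\ \omega_1 \mu a.(b\ \omega_2 \lambda y.(a\ y)))$. We have $\vdash W : \neg P \vee P$.
Let $x_1, x_2$ be $\lambda$-variables, $u_1, u_2, v$ terms and $\bar{t} \in \mathcal{E}^{<\omega}$. We have:
$(W\ [x_1.u_1, x_2.u_2]) \triangleright^* \mu b.(b\ u_1[x_1 := \theta_1^1])$
$(\theta_1^1\ \bar{t}) \triangleright^* \mu a.(b\ u_2[x_2 := \theta_1^2])$
$(\theta_1^2\ v) \triangleright^* (a\ (v\ \bar{t}))$

where $\theta_1^1 = \mu a.(b\ (\omega_2 \lambda y.(a\ y)\ [x_1.u_1, x_2.u_2]))$ and $\theta_1^2 = \lambda y.(a\ (y\ \bar{t}))$.

Remark 4.9 The term $W$ allows modelling the try... with... instruction
in the Caml programming language.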

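The following theorem gives the behavior of all terms with type $\neg P \vee P$.

Theorem 4.10 Let $T$ be a closed term of type $\neg P \vee P$, then for every $\lambda$-variables
$x_1, x_2$ and terms $u_1, u_2$ and $(\bar{t}_n)_{n \geq 1}$ a sequence of $\mathcal{E}^{<\omega}$, there exist
$m \in \mathbb{N}$ and terms $\theta_1^i, \ldots, \theta_m^i$, $1 \leq i \leq 2$, such that for all terms $v_1, \ldots, v_m$, we
have:

$(T\ [x_1.u_1, x_2.u_2]) \triangleright^* \mu.u_i[x_i := \theta_1^i]$
$(\theta_j^1\ \bar{t}_j) \triangleright^* \mu.u_i[x_i := \theta_{j+1}^i]$ for all $1 \leq j \leq m - 1$
$(\theta_j^2\ v_j) \triangleright^* \mu.u_i[x_i := \theta_{j+1}^i]$ for all $1 \leq j \leq m - 1$
$(\theta_m^1\ \bar{t}_m) \triangleright^* \mu.(v_p\ \bar{t}_q)$ for a certain $1 \leq p \leq m$ and a certain $1 \leq q \leq m$
$(\theta_m^2\ v_m) \triangleright^* \mu.(v_p\ \bar{t}_q)$ for a certain $1 \leq p \leq m$ and a certain $1 \leq q \leq m$

Proof Let $u_1, u_2$ be terms and $(\bar{t}_n)_{n \geq 1}$ a sequence of $\mathcal{E}^{<\omega}$. Take then $S = \{t$
/ $\exists m \geq 0$, $\exists \theta_1^i, \ldots, \theta_m^i$, $1 \leq i \leq 2$ : $t \triangleright^* \mu.u_i[x_i := \theta_1^i]$, $(\theta_j^1\ \bar{t}_j) \triangleright^* \mu.u_i[x_i := \theta_{j+1}^i]$ for
all $1 \leq j \leq m - 1$, $(\theta_j^2\ v_j) \triangleright^* \mu.u_i[x_i := \theta_{j+1}^i]$ for all $1 \leq j \leq m - 1$, $(\theta_m^1\ \bar{t}_m) \triangleright^*
\mu.(v_p\ \bar{t}_q)$ for certain ($1 \leq p \leq m$ and $1 \leq q \leq m$) and $(\theta_m^2\ v_m) \triangleright^* \mu.(v_p\ \bar{t}_q)$ for
certain ($1 \leq p \leq m$ and $1 \leq q \leq m$)$\}$. $R = \{\bar{t}_1, \ldots, \bar{t}_n\} \to S$. By definition $S$
is a $\mu$-saturated set. Let $\mathcal{M} = (S; R)$ and an $\mathcal{M}$-interpretation $I$ such that
$I(P) = R$. By Theorem 3.7, $T \in [R \to S] \vee R$. Let $\theta \in R$, then, for
all $i$, $(\theta\ \bar{t}_i) \in S$. Let $\theta' \in R \to S$, hence $(\theta'\ v_i) \in S$ since $v_i \in R$ (because
$(v_i\ \bar{t}_j) \in S$), therefore $(T\ [x_1.u_1, x_2.u_2]) \in S$. □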